Cryptographic Services failed while processing the OnIdentity() call

Anonymous
2013-11-09T16:45:39+00:00

Since UPGRADING to Windows 8.1 on October 17, 2013 have been getting the following error

Log Name:      Application

Source:        Microsoft-Windows-CAPI2

Date:          11/09/13 10:19:48 AM

Event ID:      513

Task Category: None

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      Michael-HP

Description:

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:

Access is denied.

.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />

    <EventID Qualifiers="0">513</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8080000000000000</Keywords>

    <TimeCreated SystemTime="2013-11-09T15:19:48.537403000Z" />

    <EventRecordID>54879</EventRecordID>

    <Correlation />

    <Execution ProcessID="1164" ThreadID="4752" />

    <Channel>Application</Channel>

    <Computer>Michael-HP</Computer>

    <Security />

  </System>

  <EventData>

    <Data>

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:

Access is denied.

</Data>

  </EventData>

</Event>

Saw a similar thread Since upgrading Windows backup fails at http://answers.microsoft.com/en-us/windows/forum/windows8_1-system/since-upgrading-windows-backup-fails-cryptographic/aee23306-09df-4182-a549-da1084e20513 and followed the advice there and didn't have issues. There was a link to EventID 513 Capi2 error at http://social.technet.microsoft.com/Forums/windows/en-US/14abbc90-cab5-4fc6-953a-96c1929f9a7b/eventid-513-capi2-error?forum=itprovistasp which goes back to 2009 slightly before Windows 8.1. In any event this article (which I only glanced at) suggests checking 1409 files for errors.

Is this problem another of the newly introduced Windows 8.1 bugs or is there a solution that can be applied? Thanks.


Locked Question. This question was migrated from the Microsoft Support Community.

Answer accepted by question author
  1. Anonymous
    2014-01-23T22:34:19+00:00

    Hope I can help someone.

    I had the same issue with the fresh Windows 8.1 Pro.

    Couldn't find answer so had to debug Windows to find a solution.

    "Microsoft Link-Layer Discovery Protocol" binary is \Windows\system32\DRIVERS\mslldp.sys

    Its config registry key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsLldp

    During backup a VSS process running under NETWORK_SERVICE account calls cryptcatsvc!CSystemWriter::AddLegacyDriverFiles(), which enumerates all the driver records in Service Control Manager database and tries opening each one of them. The function fails on MSLLDP record with "Access Denied" error.

    Turned out it fails because MSLLDP driver's security permissions do not allow NETWORK_SERVICE to access the driver record.

    The binary security descriptor for the record is located here:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsLldp\Security

    It should be modified; I used SC.EXE and Sysinternals' ACCESSCHK.EXE to fix it.

    The original security descriptor looked like below:

    >accesschk.exe -c mslldp

    mslldp

      RW NT AUTHORITY\SYSTEM

      RW BUILTIN\Administrators

      RW S-1-5-32-549       <- these are server operators

      R  NT SERVICE\NlaSvc

    No service account is allowed to access MSLLDP driver

    The security descriptor for the drivers that were processed successfully looked this way:

    >accesschk.exe -c mup

    mup

      RW NT AUTHORITY\SYSTEM

      RW BUILTIN\Administrators

      R  NT AUTHORITY\INTERACTIVE

      R  NT AUTHORITY\SERVICE  <- this gives access to services

    How to add access rights for NT AUTHORITY\SERVICE to MSLLDP service:

    1. Run: SC sdshow MSLLDP

    You'll get something like below (SDDL language is documented on MSDN):

    D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    2. Run: SC sdshow MUP

    You'll get:

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    3. Take NT AUTHORITY\SERVICE entry, which is (A;;CCLCSWLOCRRC;;;SU) and add it to the original MSLLDP security descriptor properly, right before the last S:(AU... group.
    4. Apply the new security descriptor to MSLLDP service:

    sc sdset MSLLDP D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    5. Check the result:

    >accesschk.exe -c mslldp

    mslldp

      RW NT AUTHORITY\SYSTEM

      RW BUILTIN\Administrators

      RW S-1-5-32-549

      R  NT SERVICE\NlaSvc

      R  NT AUTHORITY\SERVICE

    6. Run your backup app, the error is gone for my Home Server backup.

    !!! Do not forget to use your security descriptor for MSLLDP driver since I guess there can be some rare cases when it's different for your machine. Do not copy my SDDL descriptions, just in case. And back up the old descriptor just in case !!!

    I don't know what reason MS had behind all this, probably some security concerns or probably this is just a bug. Definitely not a security problem in my environment.

    Good luck!

    257 people found this answer helpful.
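
The ACE insertion from steps 3 and 4 of the accepted answer, as an added example that is not part of the original post: it parses the quoted `sc sdshow` string, decodes the two-letter codes into service access rights, and appends the NT AUTHORITY\SERVICE entry right before the `S:` part. The function names are illustrative, and the descriptor is the one quoted in the answer, used only as sample input.

```python
import re

# SDDL right codes as they apply to service objects (Win32 service access rights).
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}

# Sample input: the `sc sdshow MSLLDP` output quoted in the answer. On a real
# machine, start from that machine's own descriptor, as the answer says.
MSLLDP = ("D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)"
          "(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)"
          "(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)"
          "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
SERVICE_ACE = "(A;;CCLCSWLOCRRC;;;SU)"  # the SU (service logon) entry taken from MUP

def split_sddl(sddl):
    """Split into (DACL part, SACL part); the SACL part may be empty."""
    if not sddl.startswith("D:"):
        raise ValueError("expected a descriptor starting with 'D:'")
    idx = sddl.find("S:")
    return (sddl, "") if idx < 0 else (sddl[:idx], sddl[idx:])

def dacl_aces(sddl):
    """Return the DACL entries as (ace_type, [right codes], trustee) tuples."""
    aces = []
    for body in re.findall(r"\(([^)]*)\)", split_sddl(sddl)[0]):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("unexpected ACE: " + body)
        aces.append((fields[0], re.findall("..", fields[2]), fields[5]))
    return aces

def allowed_rights(sddl, trustee):
    """Rights granted to one trustee by allow ACEs (deny ACEs are not evaluated)."""
    return [SERVICE_RIGHTS.get(code, code)
            for ace_type, codes, who in dacl_aces(sddl)
            if ace_type == "A" and who == trustee for code in codes]

def add_ace(sddl, ace):
    """Append an ACE at the end of the DACL, i.e. right before the S: part."""
    dacl, sacl = split_sddl(sddl)
    return sddl if ace in dacl else dacl + ace + sacl

if __name__ == "__main__":
    print("SU before:", allowed_rights(MSLLDP, "SU"))
    fixed = add_ace(MSLLDP, SERVICE_ACE)
    print("SU after: ", allowed_rights(fixed, "SU"))
    print("sc sdset MSLLDP " + fixed)
```

Appending at the end of the DACL keeps the existing deny entry for `BG` ahead of the allow entries, and a second run leaves an already fixed descriptor unchanged.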

225 additional answers

  1. Anonymous
    2013-11-14T15:40:46+00:00

    Since a lot of people have these errors, I fully agree, Windows 8.1 is beta software. Never really tested.

    Microsoft should look into the eventlog and when there is no error popping up, then beta phase is closed and general distribution can begin. But not before.

    In the last months the Microsoft software has become of such a poor quality it is amazing. Every patch day there is one patch which has to be removed. In November it was KB 2837597 (Windows Office 2010 calendar problem). I don't know what is going on at Microsoft.

    Michael

  2. Anonymous
    2013-12-15T14:28:28+00:00

    We're rare birds, those of us who care whether our event logs are completely clean.

    I'd managed it with Windows 7 for quite some time - and not surprisingly my workstation would just run and run.  The only reboots, even though I use the machine hard daily, were for Windows Updates.

    At this point with Windows 8.1 (clean-installed a month ago) I'm down to just 8 errors in the last 24 hours, in 4 types, and the system does seem quite stable, though I'm still a bit worried about the efficacy of my backups:

    • 5 daily CAPI2 ID 513 entries in the Application log during backup:  "Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. "
    • A single roughly daily Store-Licensing entry ID 512 in the Microsoft-Windows-Store-Licensing/Admin log: "Windows Store failed to sync machine licenses.  Result code 0x80070002"
    • One Perflib entry ID 1023 at bootup:  "Windows cannot load the extensible counter DLL rdyboost.  The first four bytes (DWORD) of the Data section contains the Windows error code (7E000000)."
    • One (expected) Service Control Manager entry ID 7000 at bootup:  "The UAC File Virtualization service failed to start due to the following error:  The driver has been blocked from loading"

    Of all these, the only one that disturbs me is the first, and the subject of this thread.  And so far Microsoft has only been able to point to old articles having to do with changing file permissions in winsxs and similar.  The others I'd rather not see but they're either for known reasons (UAC disabled) or for subsystems I don't want running anyway (Store and rdyboost).

    I agree, the software should only be released when system testing shows that it does not log errors of its own volition.

    -Noel


    Detailed how-to in my eBooks: Configure The Windows 7 "To Work" Options, Configure The Windows 8 "To Work" Options
  3. Anonymous
    2014-01-08T04:57:50+00:00

    I have the same issue but it doesn't appear in my event log every time. I'm using Windows 8.1 Pro 64-bit. I notice that it only appears in my event log every time my ISP's DNS server doesn't respond or so.

    This error doesn't appear in my event log all the time. Just sometimes on certain events.

  4. Anonymous
    2014-01-08T07:46:21+00:00

    You can trigger the error event by simply manually creating a restore point.
